Introduction

I assume that you have clicked on this article / blog because you are an awesome fan of stored procedures (like me) and you cannot see these kind of loose statements.
My sincere suggestion would be to read this article once, give a thought on the experiments, and then the comments section
is always there to throw bricks at me.

Stored Procedures are precompiled so they are faster

Ask any one why he prefers stored procedures as compared to inline queries and most will reply back with a standard statement:

“Stored procedures are precompiled and cached so the performance is much better.”

Let me just explain the above sentence more diagrammatically. When we fire SQL for the first time,
three things happen:

The SQL syntax is checked for any errors.

The best plan is selected to execute the SQL (choice to use clustered index, non-clustered etc.).

Finally the SQL is executed.

The above statement states that when you run a stored procedure for the first time it will go through all the above steps and the plan will be cached in-memory. So
the next time when the stored procedure is executed it just takes the plan from
the cache and executes the same. This increases performance as the first two steps are completely eliminated.

The above statement also says / implies that for inline queries all the above steps are repeated again and again which brings down
the performance considerably.

The above explanation was pretty valid and true for older versions of SQL Server, but from 2005 onwards, all SQL statements,
irrespective of it’s a SQL coming from inline code or stored procedure or from anywhere
else, they are compiled and cached.

OK, now walk your talk

Image from http://www.stegman.com/site/wp-content/uploads/2011/07/Man-walking-rope.jpg

In order prove the above point I did a couple of experiments. I wrote a simple .NET application which makes calls to SQL Server by using both methodologies, i.e., simple inline SQL and stored procedure.

Below is a simple experiment to prove the same.

We have created two scenarios: one which will run a simple inline SQL as shown below. This SQL goes and queries a simple “Users” table to check if
a user exists in the database or not.

Both these SQLs are fired from the application with a profiler running in the background. We capture two events when we ran the profiler:
CacheHit and CacheInsert. The CacheInsert event is fired when the plan is inserted in the cache while
CacheHit is fired when the plan is used from the cache.

When we ran the experiment with the stored procedure we saw the below
results. You can see in the trace below:

“CacheInsert” first creates the plan and inserts it into the cache. Once the plan is cached
the CacheHit event occurs which means it has taken the plan from the cache rather than recreating
it from scratch.

When we ran the experiment with inline SQL we saw similar kinds of results. You can see how
the CacheHit event is hit after the CacheInsert event is fired.

Cheater, change the data?

If you see look at the previous experiment, the data is absolutely the same. The time I change the data as shown in the figure below, you can see it’s no
longer using the cache, rather creating new cache entries.

Let me go ahead and tweak the ADO.NET code to support parameters as shown below.

When I capture the cache events in the profiler it is using the cache. You can see in the below figure how first the cache insert event occurs and after that it always hits the cache for the plan rather than recreating it.

Dynamic SQL and Dynamic SQL

One of the most confusing terminologies people use is Dynamic SQL. Let’s refine this word further. There are two types of dynamic SQL: one is dynamic SQL and the other is parameterized dynamic SQL.

Courtesy: Spiderman 3

Dynamic SQL is of the form as shown below (it can be more dynamic where column names are also built on
the fly).

In simple words performance of inline parameterized SQL is the same as that of
Stored Procedures.

Hmm, what about network traffic?

If you have read so far you must be embarrassed, the way I was when I lost this argument. To counter protect many developers would also argue that network traffic decrease when using stored procedures is less as compared to
that for inline SQL.

In simple words if we use stored procedures we just send:

Sp_login

If we use inline SQL we send the complete SQL which will increase traffic.

'Select * from Users where UserName=@UserName and Password=@Password'

Must be this is a valid point if we are having many Windows apps pounding on one SQL
Server. That can lead to a lot of network traffic if there are a lot of transactions.

In case of web applications where the SQL and the ASP.NET code (in the same data center)
are very much near I do not really buy this point out.

As said this is just my personal opinion.

I will still use stored procedures

At the end of the day I will still prefer stored procedures. The choice of choosing stored procedures will not be performance but it will be more from the aspect of security and maintenance. Below are some of the points where stored procedures
are definitely a plus over inline SQL.

Abstraction

By putting all your SQL code into a stored procedure, your application is completely abstracted from the field names, tables names, etc. So when you make changes in the SQL, you have less impact in your C# code.

Security

This is the best part where stored procedures again score, you can assign execution rights on users and roles.

Maintenance ease

Now because we have centralized our stored procedures any issue like fixing defects
and other changes can be easily done in a stored procedure and it will be reflected across
the installed clients. At least we do not need to compile and deploy DLLs and EXEs.

Centralized tuning

If we know we have a slow running stored procedure, we can isolate it and the DBA guys
can performance tune it separately.

Cursors, temp table complications

Simple TSQLs are OK. But what if you have a bunch of statements with IF, ELSE, Cursors, etc? For those kind of scenarios, again stored procedures are very handy.